Rod Widdowson of Steading System Software LLP discovered a coding errorin the "Dynamic" metadata plugin of the Shibboleth Service Provider,causing the plugin to fail configuring itself with the filters providedand omitting whatever checks they are intended to perform.

For the oldstable distribution (jessie), this problem has been fixedin version 2.5.3+dfsg-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed inversion 2.6.0+dfsg1-4+deb9u1.

We recommend that you upgrade your shibboleth-sp2 packages.

Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/

Rod Widdowson of Steading System Software LLP discovered a coding errorin the OpenSAML library, causing the DynamicMetadataProvider class tofail configuring itself with the filters provided and omitting whateverchecks they are intended to perform.

For the oldstable distribution (jessie), this problem has been fixedin version 2.5.3-2+deb8u2.

For the stable distribution (stretch), this problem has been fixed inversion 2.6.0-4+deb9u1.

We recommend that you upgrade your opensaml2 packages.

Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/